How do fraudsters get stolen credit card information?

Fraudsters typically purchase stolen credit card information and user credentials on the dark web through several avenues.

Data breaches

Data breaches, such as the Facebook database leak in January 2021, make it easy for fraudsters to get their hands on user data. In the case of the Facebook database leak, more than 533 million verified records from 106 countries were compromised, including over 32 million records on users in the United States, 11 million on users in the United Kingdom, and 6 million on users in India. That data included users’ phone numbers associated with IDs and full names, locations, birthdays, bios, and some email addresses.

Phishing scams

Phishing scams happen when a fraudster sends a link via email, text message, or even social media that looks trustworthy, but clicking the link automatically installs software (known as malware) that gives the fraudster access to the user's device.

From there, fraudsters can capture user-entered login credentials and personal information that can be used to access accounts and make fraudulent purchases. More than 450,000 new malware programs are identified every day, and the number of malware programs totals more than 1.3 billion.


Skimmers

Fraudsters can also capture credit card data using skimmers, which are attached to devices at gas stations, ATMs, and other places where a card swipe is necessary. While the popularity of contactless payments has shifted how many consumers use their credit cards, there still are plenty of opportunities for fraudsters to use this tactic. Fraud related to card skimmers is increasing at a rate of nearly 10% per year.

Hacking mobile phones

The rising use of mobile wallets and other smartphone-based payments is giving fraudsters another target. By hijacking users’ mobile phones, they can access credit card data, intercept calls from banks and other financial institutions, and confirm charges.
